Cyber_Defense_Presentation
Download as PPTX, PDF1 like375 views
This document outlines objectives for improving a cyber defense framework. It includes mapping critical security controls to existing controls, evaluating additional controls, and recommending improved data visualizations. The objectives are to document validation methods for controls, suggest new visualization approaches like multi-level doughnut graphs, and create a process flow template based on audit reports. Automating some tasks in the Sourcefire tool was explored but certain correlations cannot yet be automated. Overall, the experience provided insight into the framework and opportunities for more defined objectives and scope, specific deliverables, and regular communication were identified.
Cyber_Defense_Presentation
- 1. CYBER DEFENSE FRAMEWORK BROOKE MILLER BRIAN CEDILLO CRISTAL HERMOSILLO ELIJAH MILTON FRANK PAGALOS DANIEL LOZEN-KOWALSKI
- 2. OBJECTIVE: CRITICAL SECURITY CONTROLS • Research top 20 SANS CSC and sub-controls to document and determine the following: • Document sub-controls with no validation • Document sub-controls with tools/validation and which tool(s) are required • Document sub-controls with manual testing validations required • Map out the cyber defense controls to the sans 20 controls and sub- controls • Evaluate All sans sub-controls which were not currently listed on the cdc framework to determine which should be added • Document which tools are used for each sub-control which is added
- 3. SANS CIS CRITICAL SECURITY CONTROLS MAPPING TO CYBER DEFENSE CONTROLS Existing Cyber Defense Controls (13) SANS Controls (20)
- 4. SANS CIS CRITICAL SECURITY CONTROLS MAPPING TO CYBER DEFENSE CONTROLS
- 5. OBJECTIVE: VISUALIZATION • Review ECIF/CKS Analysis and recommend improvements to better visualize the data. • Review current / proposed visualizations and suggest 3 new innovative visualization approaches and tools to improve basic visualizations.
- 6. • We like: • Pie Chart • Bar Graph • Horizontal Bar graph • Need to improve: • Bubble graph • Issues: • Bubbles blob together, which doesn’t allow size to be prominent • Hue is hard to differentiate • Scale is hard to read & use • Change to: • Multi-level doughnut graph • Tiers are easier to understand • Easier to differentiate colors & size ECIF/CKS ANALYSIS
- 7. LINUX PACKAGE ANALYSIS • Change this to a doughnut graph • We found that it would be easier to read. Similar to the ECIF/CKS Analysis.
- 8. VULNERABILITY COUNT BY AREA • Recommendation: • Changing the order to ascending order instead of alphabetical.
- 11. RECOMMENDATIONS CONT. Do’s & Don’ts • Remove excess grid lines • Contrast • Readable labels • Avoid repetition • Avoid Smoothing and 3-D • Gradients • Sorting • Color Things to bring variety • Orientation • Curve • Length • Width • Shape • Enclosed • Intensity • Special • Motion
- 12. OBJECTIVE: OUTPUT • Sourcefire automation was to reduce the amount of work it takes to extract the list of Sourcefire rule ID’s applied to each Policy in Defense center.
- 13. SOURCEFIRE AUTOMATION • Task: Getting rule IDs applied to each policy in Defense Center • Method: Researched Sourcefire API • Results: We are currently unable to automate some of the correlations we want to. Now, Cisco will now be implementing some of our feature requests in SourceFire 6.2.
- 14. OBJECTIVE: OUTPUT CONT. • Create a template for a final report of Cyber Defense Framework (results of the deliverables…graphs, pics, etc.), mimic A&P reports, export Tableau visualizations into template
- 15. PROCESS FLOW TEMPLATE A Template containing the various steps involved in the CDC Framework based on a combination of both sample process flows and A&P reporting to create an organized streamlined view of CDC process flows. 15
- 16. OVERALL EXPERIENCE RECOMMENDATION/IMPROVEME NT • More organization on objectives and deliverables (defined scope) • More specific objectives • Regular communication (weekly) TAKEAWAYS • Visualization • Group dynamic • Communication/networking • Insight into the CDC
- 17. THANK YOU